Gitlab self managed — invest in your organization
Up until this time, I’ve been using gitlab.com to collaborate on git repositories with colleagues. It was all fine and everything was working as I expected.
Needs changed and codebases grew day by day. There were CI/CD pipelines running on multiple repositories every time we push changes to remote. Till we reached 400 minutes restriction per month which sounds fine for hobby projects but a blockage on enterprise level work.
Gitlab self managed to the rescue
If you have the same problem or you want to keep your projects inside your organization follow me to setup a standalone instance of Gitlab on your own machine.
Can I install it on my local machine instead of cloud?
You can install anywhere you’d like. From your own pc to virtual machine like VmWare to a cloud server, depending on your need. Just make sure you have an always-on system with proper network connected.
Is there any other limit or pricing ?
For almost anything you might want to do with a source control system you’re free of charge. But self hosting enterprise software like Gitlab does not come with no cost at all. There are always other features they offer and might be helpful for your team which you may need or not.
Still you have most essential tools that are not available or limited in free tier.
Requirements
We are using Ubuntu 20.04 and Nginx as web server, you may have other workstation which are covered at Gitlab installation document.
Let’s do it
Step 1: install and configure dependencies
Update your package tool (apt) first.
sudo apt-get updateGitlab is using SSH to communicate securely between client and server.
sudo apt-get install -y curl openssh-server ca-certificates tzdata perlBy default SSH is not allowed on firewall. add it’s rule to ufw.
sudo ufw allow sshAdd the Gitlab package repository.
curl https://packages.gitlab.com/install/repositories/gitlab/gitlab-ee/script.deb.sh | sudo bashNext, install the package. Make sure you have correctly set up your DNS, and change https://gitlab.example.com to the URL at which you want to access your GitLab instance. Installation will automatically configure and start GitLab at that URL.
For https:// URLs GitLab will automatically request a certificate with Let's Encrypt, which requires inbound HTTP access and a valid hostname. You can also use your own certificate or just use http://.
sudo EXTERNAL_URL="http://gitlab.example.com" apt-get install gitlab-eeGitlab is bundled with built-in Nginx. disable it if you have your own web server installed previously just skip to step 2.
sudo nano /etc/gitlab/gitlab.rband add these two lines to file and save it
nginx['enable'] = false
web_server['external_users'] = ['www-data']Step 2: Update Nginx config
Opening Gitlab login web page, requires additional config on Nginx, so create a new config file for your domain.
sudo nano /etc/nginx/sites-available/gitlab.confAdd these configs, make sure to replace gitlab.example.com with your own domain.
## GitLab 8.3+
##
## Lines starting with two hashes (##) are comments with information.
## Lines starting with one hash (#) are configuration parameters that can be uncommented.
##
##################################
## CONTRIBUTING ##
##################################
##
## If you change this file in a Merge Request, please also create
## a Merge Request on https://gitlab.com/gitlab-org/omnibus-gitlab/merge_requests
##
###################################
## configuration ##
###################################
##
## See installation.md#using-https for additional HTTPS configuration details.
upstream gitlab-workhorse {
# On GitLab versions before 13.5, the location is
# `/var/opt/gitlab/gitlab-workhorse/socket`. Change the following line
# accordingly.
server unix:/var/opt/gitlab/gitlab-workhorse/sockets/socket;
}## Normal HTTP host
server {
## Either remove "default_server" from the listen line below,
## or delete the /etc/nginx/sites-enabled/default file. This will cause gitlab
## to be served if you visit any address that your server responds to, eg.
## the ip address of the server (http://x.x.x.x/)n 0.0.0.0:80 default_server;
server_name gitlab.example.com; ## Replace this with something like gitlab.example.com
server_tokens off; ## Don't show the nginx version number, a security best practice
root /opt/gitlab/embedded/service/gitlab-rails/public;## See app/controllers/application_controller.rb for headers set## Individual nginx logs for this GitLab vhost
access_log /var/log/nginx/gitlab_access.log;
error_log /var/log/nginx/gitlab_error.log;location / {
client_max_body_size 0;
gzip off;## https://github.com/gitlabhq/gitlabhq/issues/694
## Some requests take more than 30 seconds.
proxy_read_timeout 300;
proxy_connect_timeout 300;
proxy_redirect off;proxy_http_version 1.1;proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;proxy_pass http://gitlab-workhorse;
}}server {
listen 0.0.0.0:80;
listen [::]:80;
}
Link sites-available with sites-enabled directory.
sudo ln -s /etc/nginx/sites-available/gitlab.conf /etc/nginx/sites-enabledCheck and restart Nginx service.
sudo nginx -t
sudo service nginx reload
sudo service nginx restartStep 3 (optional) : configure smtp server
If you have a mail server and want to get notified with Gitlab notifications you can setup here.
sudo nano /etc/gitlab/gitlab.rbAdd these lines, change inputs with your own credentials and save.
gitlab_rails['smtp_enable'] = true
gitlab_rails['smtp_address'] = "mail.example.com"
gitlab_rails['smtp_port'] = 587 # or 25 depending on your smtp server
gitlab_rails['smtp_user_name'] = "gitlab@example.com"
gitlab_rails['smtp_password'] = "yourpassword"
gitlab_rails['smtp_domain'] = "mail.example.com"
gitlab_rails['smtp_authentication'] = "login"
gitlab_rails['smtp_enable_starttls_auto'] = true
gitlab_rails['smtp_tls'] = false
gitlab_rails['smtp_openssl_verify_mode'] = 'none'
gitlab_rails['gitlab_email_from'] = 'gitlab@example.com'
gitlab_rails['gitlab_email_display_name'] = 'Gitlab'
gitlab_rails['gitlab_email_reply_to'] = 'noreply@example.com'Step 4: final command
To apply all changes just enter following command and press enter.
sudo gitlab-ctl reconfigureVoila, you have set up Gitlab self managed successfully.
Now if you open your domain, you might see something like this image.
Keep calm, it’s all fine. Gitlab is busy initializing some sort of stuffs for you.
You may be lucky or your server is insane or robust and redirect straight to login page, here you should set a password for root account:
Now you can login with username = root and password you previously set.
